Safer Web Browsing Terry Labach Information Security Services IST.


1 Safer Web Browsing Terry Labach Information Security Services IST

2 2011 "People are terrible about making security tradeoffs. If you give a naive user a choice, such as, 'If you want to see the dancing pigs, you could be compromising your machine,' most users will choose the dancing pigs over security every time." - Bruce Schneier, security author and consultant, on how computer users manage risks while using the Internet. [http://www.theglobeandmail.com/servlet/story/LAC.20060803.TWVISTA03/TPStory/Business]

3 Outline
The risks
Taking responsibility
Browser configuration
Browser tools
Questions

4 The risks
Embarrassment
Identity theft
Financial loss
Loss of productivity

5 Taking responsibility
The basics
  –Use good passwords
    Not in dictionary
    Reasonably long with mix of characters
  –Don’t reuse passwords
Don’t let browser save passwords
  –Master password
  –Password vault

6 "You know, I almost bore myself when I say to myself, 'It's time to get the groceries,' I certainly don't want to put it out there for people to read." - Eugene Levy, comedian, talking about Twitter in a Canadian Press interview.

7 Taking responsibility
Thoughtful browsing
  –Don’t give up personal information
    Date of birth
    Postal code or location
    Vacation schedule
    Social Insurance Number!

8 Taking responsibility
Maintain safe environment
  –Keep operating system, browser up to date
  –Apply security patches
  –Be cautious using public Wi-Fi
  –Use secure communications (https)

9 Taking responsibility
Clicking on links can introduce attacks
  –Poisoned search results
  –Clickjacking
  –Cross-site scripting

10 Taking responsibility
Installing software
  –Know what software needed for sites you browse
  –Enter software web site address yourself, don’t click link
  –Don’t install software for unknown file types or oddly named files

11 Taking responsibility
Separate browsing environments
  –Have one user login id for social networking, etc.; a different id for financial transactions
Virtual machines (advanced)
  –Use separate virtual computers on your PC for browsing with different security needs
  –High security virtual machine has no unneeded software

12 Browser configuration
General principles
  –Protect your information
  –Protect your privacy
  –Disallow access and execution
Exceptions
  –You will want to break these principles for good reasons at times
  –Use principles as your default

13 Browser configuration
Firefox
  –Disable Java and JavaScript
  –Disable save passwords (or use master password)

14 Browser configuration
Internet Explorer
  –Apply high security setting to Internet zone
  –Limit cookie permissions
  –Do not allow third party extensions

15 Browser configuration
Safari
  –Disable Java and JavaScript
  –Block pop-up windows
  –Disable opening of so-called safe files

16 Browser configuration
Chrome
  –Limit cookie permissions
  –Web content settings

17 Humans…have unacceptable speed and accuracy…. (They are also large, expensive to maintain, difficult to manage, and they pollute the environment. It is astonishing that these devices continue to be manufactured and deployed. But they are sufficiently pervasive that we must design our protocols around their limitations.) - C. Kaufman, R. Perlman, & M. Speciner in Network Security: PRIVATE Communication in a PUBLIC World

18 Tools
NoScript
  –http://noscript.net/
  –Blocks JavaScript and defends against other potentially malicious content
  –Swiss Army Knife of protection

19 Tools
Web of Trust (WOT)
  –http://www.mywot.com/
  –Ranks websites based on feedback from WOT users
  –Adds links to search engine results

20 Tools
Ghostery
  –http://www.ghostery.com/
  –Detects and blocks 3rd party tracking
  –Shows the elements of web pages served from third parties

21 Tools
View Thru
  –https://chrome.google.com/webstore/detail/jkncfnbcgbclefkbknfdbngiegdppgdd
  –Displays the target of shortened URLs

22 Tools
HTTPS Everywhere
  –https://www.eff.org/https-everywhere
  –Forces use of https protocol on web pages that support it

23 Tools
Adblock Plus
  –http://adblockplus.org/en/
  –Blocks ads while browsing

24 Resources - User safety
CERT - Securing Your Web Browser
SANS - Browser Safety
SANS - Secure Browsing Environment
Canadian Cyber Incident Response Centre
U.S. Computer Emergency Readiness Team

25 Resources - Browsers
Firefox
  –Privacy & Security
Internet Explorer
  –Improve the safety of your browsing and e-mail activities
Safari
  –Security & Privacy
Chrome
  –Manage privacy and security settings

26 Resources – Tools discussed
NoScript
Web of Trust
Ghostery
View Thru
HTTPS Everywhere
AdBlock Plus

27 Resources – Other Tools
Facecloak
  –Protect user privacy on Facebook
Qualys BrowserCheck
  –Ensures browser and plugins are up to date
Trashmail
  –Lets you use a disposable email address
LastPass
  –Secure password vault

28 Resources – Waterloo IST
Information Security Services
Terry Labach
  –Web application security
    Consulting
    Testing applications
    Ethical hacking
    Programming best practices
  –Web training and education

29 Questions?

